3

There is a multilingual web shop, visitors can access from two domains, with different language:
hxxp://x.com - English
hxxp://x.ru - Russian, which is an add-on domain to x.com.

The authentication and cart pages are here, through SSL: https://x.com/index.php?mode=login

How can I use the cookie informations of x.ru on hxxps://x.com? And is it ok to redirect the visitors of x.ru to hxxps://x.com for authentication, and after that, redirect back to x.ru?

thank you.

Tsfed
  • 33
  • 2
  • I wrote a blog entry a while back that might be helpful to you. http://www.netortech.com/Blog/Entry/12/Web-passport-services – Spencer Ruport Dec 07 '10 at 10:38

2 Answers2

1

This cannot be done precisely as you want. x.com and x.ru are different sites; if they could share cookie data, x.ru and gmail.com could also. That would be bad.

See Cross domain cookie access (or session) .

I believe you can set a third-party cookie for x.ru from x.com, but third-party cookies are often blocked by users' browers (for good reason).

Community
  • 1
  • 1
Borealid
  • 95,191
  • 9
  • 106
  • 122
  • x.ru is an addon domain, so there is only one real webshop and database. Just the language is different. I did some search for third-party cookies, and you are right, it is not the best choice. – Tsfed Jul 29 '10 at 15:02
  • @Tsfed : if they're really the same site, why not make them share a domain? If you had foo.x.com and bar.x.com, you could set the cookie domain to 'x.com' and they could share. – Borealid Jul 29 '10 at 15:25
  • I think it's more seo friendly to have different domains than different subdomains. Or not? – Tsfed Jul 29 '10 at 18:16
  • @Tsfed No, you really don't want to contort your site structure based on search engine behavior. Bad idea. – Borealid Jul 29 '10 at 18:21
  • What do you mean by contort the structure? The content and the structure would be the same an a subdomain too. Which have better value, two different subdomains or two domains? (Canon do not use subdomains: canon.de and canon.co.uk) – Tsfed Jul 29 '10 at 18:48
0

If you look any Google auth page it's redirect you to a SSL login page then returns to a simple http one. So i think this will be fine.

IMO you can store cookie informations in a database with a unique token then check this data against stored cookies/session variables.

fabrik
  • 14,094
  • 8
  • 55
  • 71